The Gmail flaw, probably the one detailed here (since supposedly fixed by Google), allowed the attacker to read all of the Gmail user's mail by forcing his account to forward all e-mail to an outside address.

The domain owner/victim had a domain for which the Administrative account had a Gmail address. The thief created a support ticket on the owner's registrar (also his web host) asking for them to unlock the domain and send the transfer code. The registrar, which in this case seems to have very lax security procedures, e-mailed the information to the address on the Administrative account, meaning the Gmail account, and therefore the thief got it too. The thief took the information and transferred the domain to a GoDaddy account without the owner's knowledge.

There was a happy ending; for all of GoDaddy's flaws, they are alert and savvy enough to recognize crimes like this. The owner was able to work with them to get the domain back. Things wouldn't have been so easy if the thief had used Shady-East-European-Registrar.com.

About the Author

Larry Seltzer has been writing software for and English about computers ever sincemuch to his own amazementhe graduated from the University of Pennsylvania in 1983.
He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.